This feature is only available in Canton Enterprise

Trusted Enclave Domain (CCF)

The domain integration is based on trusted enclaves (Intel SGX) and is using the Confidential Consortium Framework (CCF).

Getting Started

The getting started guide assumes that you have access to a Canton Enterprise release, the Canton Enterprise docker repository, as well as having docker and docker-compose installed.

Run the Demo Deployment

The demo deployment consists of two Canton participant nodes, a Canton Enterprise domain as well as a CCF-based sequencer. One docker container runs the Canton nodes and another docker container is running the CCF network. The Ledger API ports of the two Canton participant nodes are exposed to the host, such that Daml applications can be run from the host and connected to the Ledger API as with any other Daml ledger.

Note that the demo deployment provides reduced security guarantees and should not be used for a production deployment.

To spin up the demo deployment, a docker-compose.yaml file is packaged with the release artifacts. After unpacking the release archive and entering the canton-enterprise release directory, perform the following steps.

First, we need to set the type of hardware security that is used by the CCF network. If you do not have access to a SGX-capable machine, set export ENCLAVE=virtual to run with an insecure virtual mode. If you do, set export ENCLAVE=release.

The demo deployment will by default use the Canton version from the release. However, if you wish to use a different version, you can specify it with the CANTON_VERSION environment variable. For example, export CANTON_VERSION=0.19.0 to use Canton v0.19.0. You can choose dev for the latest main build of Canton.

Now we can start the demo deployment using docker-compose with the following commands:

cd examples/e02-ccf-domain && \
docker-compose -p canton-ccf-demo -f docker-compose.yaml \
-f demo/docker-compose.yaml run --rm --service-ports canton

By default, the Ledger API is available on localhost on the ports 5011 for participant1 and 5021 for participant2.

Once you have completed using the demo deployment, you can shut it down and delete the temporary volumes with the following command:

docker-compose -p canton-ccf-demo -f docker-compose.yaml \
-f demo/docker-compose.yaml down -v

Customization of the Demo Configuration

The demo deployment is using a default Canton configuration and bootstrap file located in examples/e02-ccf-domain/demo, which one can customize and restart the demo deployment. Note that if you change the participants’ ledger API ports, you also need to change the port mappings in examples/e02-ccf-domain/demo/docker-compose.demo.yaml.

Security Considerations

The demo deployment, in particular when run in virtual mode, provides limited security guarantees. Virtual mode means the CCF application is not leveraging trusted enclaves and runs as a regular process, which does not provide the same confidentiality and security guarantees as an enclave. A malicious host can extract any data from the virtual mode CCF application. Furthermore, in virtual mode the application is logging on debug-level and thus may leak sensitive information to the host that way too.

The demo deployment is using a test network setup with all CCF nodes running in a single container, thus does not provide high availability. Furthermore, the test network operates with a single pre-provisioned member certificate, thereby that single member controls the entire CCF governance.